[jdk11u-dev] RFR: 8305972: Update XML Security for Java to 3.0.2 [v2]

Goetz Lindenmaier goetz at openjdk.org
Mon Jan 15 15:38:02 UTC 2024 

> This backport is based on https://github.com/openjdk/jdk17u-dev/pull/2116 , the minimal version.
> It contains the full EdDSA functionality and only removes the Strings that are explicitly not documented for backport in the CSRs.
> 
> I needed the following adaptions you find in seperate commits:
> 
> **Resolves**:
> 
> The implementation in the jdk patched clean. 
> There were some conflicts in the tests:
> 
> test/jdk/TEST.groups
>   trivial resolve due to context.
> 
> test/jdk/javax/xml/crypto/dsig/GenerationTests.java
>   trivial resolve due to context.  8241306 is missing in the context.
> 
> test/jdk/javax/xml/crypto/dsig/SecureValidation.java
>  This file is not in 11.
>   It came with "8241306: Add SignatureMethodParameterSpec subclass
>   for RSASSA-PSS params" which was not backported. Changes omitted.
> 
> test/lib/jdk/test/lib/security/XMLUtils.java
>   One chunk does not apply because the removed code differs.
>   In 17, a switch statement is used that was adapted to Java 11.
>   Moved the comment and exception thrown in 11 to the new place.
> 
> 
> **Make it compile and make the tests work**:
> 
> The changes to the libraries compile out of the box.
> 
> The tests needed several adaptions. I did not remove the
> bad code yet, but just commented it out to highlight the 
> differences better for now.
> 
> test/jdk/javax/xml/crypto/dsig/Basic.java
>   I had to remove test cases because
>     8241305: Add SignatureMethodParameterSpec subclass for RSASSA-PSS params
>     8166597: Crypto support for the EdDSA Signature Algorithm
>   are not in 11.
> 
> test/jdk/javax/xml/crypto/dsig/GenerationTests.java
>   To make it compile, I
>   replaced HexFormat.of().parseHex() by jdk.test.lib.Utils.toByteArray().
>   Further, I commented a row of test coding that does not compile.
>   "8166597: Crypto support for the EdDSA Signature Algorithm" would
>   be needed to get these test cases working.
>   This effectively removes the test cases for the new functionality.
> 
> test/jdk/javax/xml/crypto/dsig/HereFunction.java
>   A simple tweak to enable testing of sha1 is not needed in 11.
>   In 11, sha1 is still available per default as
>   "8259709: Disable SHA-1 XML Signatures" was not backported.
> 
> test/lib/jdk/test/lib/security/XMLUtils.java
>   More complex resolve because a previous backport was already adapted to 11.
>   The code in 17 uses incompatible switch and instanceof
>   in several places.
>   It also needed adaptions because it does not compile as
>     8166597: Crypto support for the EdDSA Signature Algorithm
>   is not in 11.

Goetz Lindenmaier has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:

 - Merge branch 'openjdk:master' into goetz_backport_8305972-minimal
 - Merge branch 'openjdk:master' into goetz_backport_8305972-minimal
 - Fix tests, they now all pass
 - Resolve chunks that did not apply.
 - Backport 8309572 17u minimal change -- clean parts

-------------

Changes:
  - all: https://git.openjdk.org/jdk11u-dev/pull/2455/files
  - new: https://git.openjdk.org/jdk11u-dev/pull/2455/files/1da0c3c5..68c77490

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=2455&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=2455&range=00-01

  Stats: 2274 lines in 13 files changed: 2271 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk11u-dev/pull/2455.diff
  Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/2455/head:pull/2455

PR: https://git.openjdk.org/jdk11u-dev/pull/2455

More information about the jdk-updates-dev mailing list